IN THE CLAIMS 



Please amend the claims as follows: 

1. (currently amended) A policy enforcement system for enforcing policies , the policies 
defining what actions of belonging to a first type that thereof first entities as defined in a 
computer system may perform on second entities as defined in the computer system, the 
policy enforcement system comprising: being of the type that includes 

a policy server, the policy serv er comprising including a policy database of the * 
policies and extensibl v configured to include policies for actions belonging to an 
additional type thereof, a policy i ncluding any action that a user may perform on an 
information resource: and 

a policy enforce r, the policy enforcer configured to: 

control that controls performance of the first type of action; 
communicate and is capable of communicating a request to perform an 

action of the first type to the policy server \\,]] ; and 

the policy enforcer permit permitting performance of the action only if a 

response from the policy server indicates that the policies permit the action^ and 

the policy enforcer being ex tensiblv configured to comprise an additional policy 

enforcer, whic h controls performance of actions of the additional typer 

the policy enforcement system being characterized in that: 

the policy data base is extensible to include policies for actions belonging 

to an additional type thereof and the policy enforcement system io thereby 

extensible to include an additional policy enforcer which controls performance of 

actions of the additional type . 
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2. (currently amended) The policy enforcement system of set forth in claim 1 , wherein 
further characterized in that: the policy database is of the class wherein policies are 
defined in terms of as sets of the first entities and sets of the second entities and the 
policy database is further extensible to include an additional type of the first entities 
and/or an additional type of the second entities. 

3. (currently amended) The policy enforcement system of set forth in claim 2 , wherein 
further characterized in that: an action attribute may be is associated in the database 
with a set of the first entities and/or a set of the second entities, the action attribute 
specifying a manner in which an action specified in a given policy is to be performed 
with regard to as regards entities in the set of first entities and/or entities in the set of 
second entities. 

4. (currently amended) The policy enforcement system of set forth in claim 3 , wherein 
further characterized in that: the database is further extensible to include an additional 
type of action attributes. 

5. (currently amended) The policy enforcement system of claim set forth in any one of 
claims 1 , wherein through 4 and 13 further characterized in that: the additional policy 
enforcer controls performance of actions at a level of the computer system that which is 
different from the level feat at which the policy enforcer control performance of actions. 

6. (currently amended) The policy enforcement system of claim set forth in any one of 
claims 1 , wherein through 4 and 13 further characterized in that: at least one of the 
policy enforcers is at a location in the computer system that is remote from the policy 
server. 

7. (cancelled) 
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8. (currently amended) A policy database for implementation that is implemented in a 
data storage device that is accessible to a processor , the policy database comprising : 

at least one policy, the at least one policy and that belongs to the class of policy 
databases wherein policies are defined in terms of sets of first entities, sets of second 
entities, and actions, wherein a given policy defines defining a given action that which 
an entity belonging to a given set of the first entities may perform on an entity belonging 
to a given set of the second entities , the at least one policy subject to association with a 
further condition and, 

the policy database configured to provide the processor, in response to a request 
to the processor, with policy information reflecting being characterized in that: a further 
condition may be associated in the database with the given policy, the processor 
responding to a request to determine whether a particular entity belongs belong to the 
set of first entities to which the given policy applies to may perform the given action on 
a particular entity belonging to the set of second entities to which the given policy 
applies by determining that the particular entity may not perform the given action if the 
further condition is not satisfied at the time the processor responds to the request. 

9. (currently amended) The policy database of set forth in claim 8 , wherein further 
characterized in that: the further condition is a time interval specification associated 
with the given policy, the time interval specification specifying an interval of time 
during which entities belonging to the given set of first entities specified in the given 
policy may perform the given action specified therein on entities belonging to the given 
set of second entities specified therein. 
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10. (currently amended) A policy database for implementation that is implemented in a 
data storage device that is accessible to a processor , the policy database comprising : 

at least one policy, the at least one policy and that belongs to tho clanr. of policy 
databases wherein policies arc defined in terms of sets of first entities, sets of second 
entities, and actions, wherein a given policy defines defining a given action that which 
an entity belonging to a given set of the first entities may perform on an entity belonging 
to a given set of the second entities , the given set of first entities and/or the given set of 
second entities subject to an association with an action attribute, the action attribute 
specifying a manner in which the given action specified in the given policy is to be 
performed and, 

the policy database configured to provide the processor, in response to a request 
to the processor, with policy information reflecting being characterized in that: nn action 
attribute may be associated in tho database with the given set of first entities and/or tho 
given set of second entities, the action attribute specifying a manner in which the given 
action specified in the given policy is to bo performed, the processor responding to a 
request to determine whether a particular entity may perform an action to which the 
given policy applies in a particular manner by determining that the requesting entity 
may not perform the action unless the particular manner is the manner specified by the 
action attribute. 

11. (currently amended) The policy database of set forth in claim 10 , wherein further 
characterized in that: the database is extensible to include new types of action attributes. 

12. (currently amended) The policy database of set forth in claim 10 , wherein further 
characterized in that: an action attribute condition is may be associated in the database 
with an action attribute for the given policy, the action attribute condition determining 
whether a requesting entity belonging to a given set of first entities can perform the 
given action as specified in the action attribute on an entity in the given set of second 
entities at the time the requesting entity makes the request. 
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13. (currently amended) The policy enforcement system of sot forth in claim 1, wherein 
further characterized in that: the additional type of action is defined by a user of the 
policy enforcement system[[;]] and the policy enforcement system includes a user 
interface for extending the policy database by adding the user-defined additional type of 
action thereto to the policy database . 
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